Sqlite

This hub aggregates every CVE we track for Sqlite. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Sqlite.

• CVE-2026-11824SQLite before 3.53.2 Heap Buffer Overflow via FTS5 fts5ChunkIterate7.8Jun 9, 2026
• CVE-2026-11822SQLite before 3.53.2 Memory Corruption in FTS5 Extension7.8Jun 9, 2026
• CVE-2025-70873An information disclosure issue in the zipfileInflate function in the zipfile extension in SQLite v3.51.1 and earlier allows attackers to obtain heap memory via supplying a crafted ZIP file.7.5Mar 12, 2026
• CVE-2025-7458SQLite integer overflow in key info allocation may lead to information disclosure.9.1Jul 29, 2025
• CVE-2025-6965Integer Truncation on SQLite9.8Jul 15, 2025
• CVE-2025-3277An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the bu...9.8Apr 14, 2025
• CVE-2025-29088In SQLite 3.49.0 before 3.49.1, certain argument values to sqlite3_db_config (in the C-language API) can cause a denial of service (application crash). An sz*nBig multiplication is not cast to a 64...5.6Apr 10, 2025
• CVE-2025-29087In SQLite 3.44.0 through 3.49.0 before 3.49.1, the concat_ws() SQL function can cause memory to be written beyond the end of a malloc-allocated buffer. If the separator argument is attacker-control...3.2Apr 7, 2025
• CVE-2024-0232Sqlite: use-after-free bug in jsonparseaddnodearray4.7Jan 16, 2024
• CVE-2023-7104SQLite SQLite3 make alltest sqlite3session.c sessionReadRecord heap-based overflow5.5Dec 25, 2023
• CVE-2021-31239An issue found in SQLite SQLite3 v.3.35.4 that allows a remote attacker to cause a denial of service via the appendvfs.c function.7.5May 9, 2023
• CVE-2022-46908SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions ...7.3Dec 12, 2022
• CVE-2020-35525In SQlite 3.31.1, a potential null pointer derreference was found in the INTERSEC query processing.7.5Sep 1, 2022
• CVE-2020-35527In SQLite 3.31.1, there is an out of bounds access problem through ALTER TABLE for views that have a nested FROM clause.9.8Sep 1, 2022
• CVE-2022-35737SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.7.5Aug 3, 2022